Monorepo for Aesthetic.Computer aesthetic.computer
4
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: use raw body for webhook signature verification in lith

Express re-serializes parsed JSON via JSON.stringify(), which can alter
whitespace/key ordering. Stripe's constructEvent() then fails because
the signature was computed against the original body. Use req.rawBody
(captured by captureRawBody middleware) in toEvent() to preserve the
exact bytes the client sent.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

+8 -2
+8 -2
lith/server.mjs
··· 216 216 217 217 // --- Netlify event adapter --- 218 218 function toEvent(req) { 219 - // Reconstruct body as string (Netlify handlers expect string or null) 219 + // Reconstruct body as string (Netlify handlers expect string or null). 220 + // Prefer rawBody when available — it preserves the exact bytes the client 221 + // sent, which is critical for webhook signature verification (Stripe, etc.). 220 222 let body = null; 221 - if (req.body) { 223 + if (req.rawBody) { 224 + body = Buffer.isBuffer(req.rawBody) 225 + ? req.rawBody.toString("utf-8") 226 + : String(req.rawBody); 227 + } else if (req.body) { 222 228 const contentType = (req.headers["content-type"] || "").toLowerCase(); 223 229 body = 224 230 typeof req.body === "string"